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Abstract. The ultimate objective of this paper is to create a stepping stone 
to the development of new quantum algorithms. The strategy chosen is to 
begin by focusing on the class of abelian quantum hidden subgroup algorithms, 
i.e., the class of abelian algorithms of the Shor/Simon genre. Our strategy is 
to make this class of algorithms as mathematically transparent as possible. By 
the phrase "mathematically transparent" we mean to expose, to bring to the 
surface, and to make explicit the concealed mathematical structures that are 
inherently and fundamentally a part of such algorithms. In so doing, we create 
symbolic abelian quantum hidden subgroup algorithms that are analogous to 
the those symbolic algorithms found within such software packages as Axiom, 
Cayley, Maple, Mathematica, and Magma. 

As a spin-off of this effort, we create three different generalizations of 
Shor's quantum factoring algorithm to free abelian groups of finite rank. We 
refer to these algorithms as wandering (or vintage %q) Shor algorithms. They 
are essentially quantum algorithms on free abelian groups A of finite rank n 
which, with each iteration, first select a random cyclic direct summand Z of 
the group A and then apply one iteration of the standard Shor algorithm to 
produce a random character of the "approximating" finite group A = Zq, 
called the group probe. These characters are then in turn used to find either 
the order P of a maximal cyclic subgroup Zp of the hidden quotient group 
H v , or the entire hidden quotient group H v . An integral part of these wander- 
ing quantum algorithms is the selection of a very special random transversal 

Lpt : A > A, which we refer to as a Shor transversal. The algorithmic 

time complexity of the first of these wandering Shor algorithms is found to be 
0(n 2 (lgQ) 3 (lglgQ)' l + 1 Y 
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Part 1. Preamble 

1. Introduction 



The ultimate objective of this paper is to create a stepping stone to the devel- 
opment of new quantum algorithms. The strategy chosen is to begin by focusing 
on the class of abelian quantum hidden subgroup algorithms (QHSAs), i.e., the 
class of abelian algorithms of the Shor/Simon genre. Our strategy is to make 
this class of algorithms as mathematically transparent as possible. By the phrase 
"mathematically transparent," we mean to expose, to bring to the surface, and to 
make explicit the concealed mathematical structures that are inherently and fun- 
damentally a part of such algorithms. In so doing, we create a class of symbolic 
abelian QHSAs that are analogous to those symbolic algorithms found within such 
software packages as Axiom, Cayley, Magma, Maple, and Mathematica. 

During this mathematical analysis, the differences between the Simon and Shor 
quantum algorithms become dramatically apparent. This is in spite of the fact 
that these two share a common ancestor, namely, the quantum random group 
character generator QRand, described herein. While the Simon algorithm is a 
QHSA on finite abelian groups which produces random characters of the hidden 
quotient group, the Shor algorithm is a QHSA on free abelian finite rank groups 
which produces random characters of a group which "approximate" the hidden 
quotient group. It is misleading, and a frequent cause of much confusion in the 
open literature, to call them both essentially the same QHSA. 

Surprisingly, these two very different algorithms touch an amazing array of dif- 
ferent mathematical disciplines, from the obvious to the not-so-obvious, requiring 
the integration of many diverse fields of mathematics. Shor's quantum factoring 
algorithm, for example, depends heavily on the interplay of two metrics on the unit 
circle S 1 , namely the arclength metric Arc^t and the chordal metric ChorD2tt. 
This observation greatly simplifies the analysis of the Shor factoring algorithm, 
while at the same time revealing more of the structure concealed within the algo- 
rithm. 

As a spin-off of this effort, we create three different generalizations of Shor's 
quantum factoring algorithm to free abelian groups of finite rank, found in sec- 
tions 20 and 22. We refer to these algorithms as wandering (or vintage Zq) Shor 
algorithms. They are essentially QHSAs on free abelian finite rank n groups A 
which, with each iteration, first select a random cyclic direct summand Z of the 
group A and then apply one iteration of the standard Shor algorithm to produce 
a random character of the "approximating" finite group A, called a group probe. 
These algorithms find either the order P of a maximal cyclic subgroup Zp of the 
hidden quotient group or the entire hidden quotient group H v . An inte- 
gral part of these wandering algorithms is the selection of a very special random 
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transversal : A — ► A, which we refer to as a Shor transversal. The algorithmic 
time complexity of the first of these wandering (or vintage Zq) algorithms is found 

in theorem 11 of section 21 to be O (n 2 (lgQ) 3 (lglgQ)™ +1 ^ , where n denotes the 
fixed finite rank of the free abelian group A. Theorem 11 is based on the assump- 
tions also found in section 21. This asymptotic bound is by no means the tightest 
possible. 

Throughout this paper, it is assumed that the reader is familiar with the class 
of quantum hidden subgroup algorithms. For an introductions to this subject, 
please refer, for example, to any one of the references [8], [25], [26], [29], [33], 
[36], [43], [44]. This paper focuses, in particular, on the abelian hidden subgroup 
problem (HSP), with eye toward future work by the authors on the non-abelian 
HSP. There is a great deal of literature on the abelian HSP, for example, [5], [14], 
[25], [26], [27], [29], [35], [36], [43], [44], [45]. For literature on the non-abelian 
hidden subgroup problem, see for example, [16], [24], [14], [26], [33], [36], [38], 
[39], [41], [48]. 



2. An example of Shor's quantum factoring algorithm 

As an example of what we would like to make mathematically transparent, 
consider the following instance of Peter Shor's quantum factoring algorithm. A 
great part of this paper is devoted to exposing and bringing to the surface the many 
concealed mathematical structures that are inherently and fundamentally part of 
this example. 

Perhaps you see them? Perhaps you find them to be self evident? If you 
do, then you need read no more of this paper, although you are most certainly 
welcome to read on. If, on the other hand, the following example leaves you 
with a restless, uneasy feeling of not fully understanding what is really going on 
(i.e., of not fully understanding what concealed mathematical structures are lurking 
underneath these calculations) , then you are invited to read the remainder of this 
paper. 

Peter Shor's quantum factoring algorithm reduces the task of factoring a posi- 
tive integer N to first finding a random integer a relatively prime to N, and then 
next to determining the period P of the following function 

Z ZmodA 
x i — ► a x mod N , 

where Z denotes the additive group of integers, and where ZmodA denotes the 
integers mod N under multiplication 1 . 

Since Z is an infinite group, Shor chooses to work instead with the finite ad- 
ditive cyclic group Zq of order Q — 2 m , where N 2 < Q < 2N 2 , and with the 

1 A random integer a with gcd (a, N) = 1 is found by selecting a random integer, and then 
applying the Euclidean algorithm to determine whether or not it is relatively prime to N. If not, 
then the gcd is a non-trivial factor of N, and there is no need to proceed futhcr. However, this 
possibility is highly unlikely if N is large. 
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"approximating" map 



Z Q ZmodiV 
xi — > a* mod AT , < x < Q 



Shor begins by constructing a quantum system with two quantum registers 

|Left_Register) |Right_Register) , 

the left intended to hold the arguments x of <p, the right to hold the corresponding 
values of Hp. This quantum system has been constructed with a unitary transfor- 
mation 

Uz-.\x)\\)^\x)\<p(x)) 
implementing the "approximating" map tp. 

As an example, let us use Shor's algorithm to factor the enormous integer 
N = 21, assuming that a = 2 has been randomly chosen. Thus, Q = 2 9 = 512. 

Unknown to Peter Shor, the period is P = 6, and hence, Q = 6 • 85 + 2. 

Shor proceeds by executing the following steps: 



STEP Initialize 

l^o) = |0) |1) 



3TEP 1 Apply the Fourier transform 



511 



x=0 



to the left register, where u = cxp(27ri/512) is a primitive 512-th root of 
unity, to obtain 



511 



v x=0 



5TEP 2 Apply the unitary transformation 

: \x) |1) i — ► \x) \2 X mod 21) 

to obtain 

511 



hM = -l=f>)|2*mod21) 



x=0 



STEP 3 
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Once again apply the Fourier transform 



v y=0 

to the left register to obtain 



511 511 1 511 /511 N 

l^3> = 5^ E E ^ \V) \ T mod 21 > = 512 £ |y) E <^ I 2 ' mod 21 > 

i=0i/=0 y=0 \x=0 / 



-^Eiy)i T (y)) 

where 

511 

|T(y)) = ^V !/ |2 x mod21) 

a;=0 



STEP 4 Measure the left register. Then with Probability 

rrob vW (5i2)2 

the state will "collapse" to \y) with the value measured being the integer y, 
where < y < Q. 

Let us digress for a moment to find a more usable expression for the probability 
distribution Prob^, (y). 



\T(y)) =£y»|2*mod21) 



x=0 

85-1 6-1 2-1 

= Y E u (6xi+Xo)y \2 6xi+x " mod 21) + Y u {6 ' 85+Xo)y \2 6 - 85+x " mod 21) 

But the order of a = 2 modulo 21 is P = 6, i.e., P — 6 is the smallest positive 
integer such that 2 6 = 1 mod 21. Hence, the above expression becomes 

(84 \ 5 1 

Y uj 6xiy Y u xoy 12*° mod 21) + LU 6 - 85y Y u xoy \2 X0 mod 21) 
x\— / xq— xo=0 

(85 \ 1 / 84 \ 5 

Y u 6xiy " xav |2 X ° mod 21) + I Y ^ X1V E ^ \ T ° mod 21 > 

£Ci=0 / x =0 \xi=0 / x =2 
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Since the kets { |2 X ° mod 21) | < xq < 6 } are all distinct, we have 





85 


2 


84 


T (y) | T (y) ) = 2 




+ 4 


V uj 6xiV 




zi=0 




x 1= 



After a little algebraic manipulation, we finally have the following expression for 
Probf (y): 



Prob v (y) 



T (y) | T (y) 
(512) 2 



2 (S)+2sin^) ify ^ 0or256 



sm 

~~ (131072) sin 2 



10923 
65536 



A plot of Probf, (y) is shown in Figure 1. 

ZEiD 



0.1 

I Yob 

0.08 



ty = 85 i iy= *jn 



if y = or 256 



y = 256 



|y = 34ll [ y =427) 



100 200 300 400 500 

y 

Figure 1. A plot of Prob^(y). 

The peaks in the above plot of Prob^ (y) occur at the integers 

y = 0, 85, 171, 256, 341, 427. 

The probability that at least one of these six integers will occur is quite high. 
It is actually 0.78 + . Indeed, the probability distribution has been intentionally 
engineered to make the probability of these particular integers as high as possible. 
And there is a good reason for doing so. 



The above six integers are those for which the corresponding rational y/Q is 
"closest" to a rational of the form d/P. By "closest" we mean that 



y_ _ d_ 
Q P 



1 1 

< 2Q < 2P* 
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In particular, 

85 171 256 341 427 
512' 512' 512 '512' 512' 512 
are rationals respectively "closest" to the rationals 

1 2 3 4 5 

6' 6' 6' 6' 6' 6 

So by theorem 12 of Appendix A, the six rational numbers 0/6, 1/6, . . . , 5/6 are 
convergents of the continued fraction expansions of 0/512, 85/512, ... , 427/512, 
respectively. Hence, each of the six rationals 0/6, 1/6, ... , 5/6 can be found 
with the recursion given in Appendix A. 

But ... , we are not searching for rationals of the form d/P. Instead, we seek 
only the denominator P = 6. 

Unfortunately, the denominator P = 6 can only be gotten from the continued 
fraction recursion when the numerator and denominator of d/P are relatively prime. 
Given that the algorithm has selected one of the random integers 0, 85, ... , 427, 
the probability that the corresponding rational d/P has relatively prime numerator 
and denominator is <j) (6) /6 = 1/3, where cf) (— ) denotes the Euler totient function. 
So the probability of finding P = 6 is actually not 0.78+ , but is instead 0.23~. 

From Peter Shor's perspective, the expression for the probability distribution 
is not known, since the period P is not known. All that Peter sees is a random 
integer y produced by the probability distribution Prob^. However, he does know 
an approximate lower bound for the probability that the random y produced by 
Probp is a "closest" one, namely the approximate lower bound 4/n 2 = 0.41 - . Also, 
because 2 

.. . . 4>{N) In In TV _ 7 

lim mi = e 7 , 

N 

where 7 = 0.5772 • • • denotes Euler's constant, he knows that 



Hence, if he repeats the algorithm O(lglgiV) times 3 , he will obtain one of the 
desired integers y with probability bounded below by approximately 4/ir 2 . 

However, once he has in his possession a candidate P' for the actual period 
P = 6, the only way he can be sure he has the correct period P is to test P' by 
computing 2 P mod 21. If the result is 1, he is certain he has found the correct 
period P. This last part of the computation is done by the repeated squaring 
algorithm 4 . 



Please refer to reference [21, Theorem 328, Section 18.4]. 
3 For even tighter asymptotic bounds, please refer to [9] and [37]. 

4 By the repeated squaring algorithm, we mean the algorithm which computes a p mod N via 
the expression 

IK- )'". 

3 

where P' = ^ • P'2 J is the radix 2 expansion of P'. 
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3. Definition of the hidden subgroup problem (HSP) and hidden 
subgroup algorithms (HSAs) 



We now proceed by defining what is meant by a hidden subgroup problem 
(HSP) and a corresponding hidden subgroup algorithm. For other perspectives on 
HSPs, please refer to [29], [27], [35]. 

Definition 1 . A map if : A — ► S from a group A into a set S is said to have 
hidden subgroup structure if there exists a subgroup K v of A, called a hidden 
subgroup, and an injection l v : A/K v — ► 5, called a hidden injection, such 
that the diagram 

A -*+ S 
A/K v 

is commutative, where A/K v denotes the collection of right cosets of K v in A, and 
where v : A — ► A/K v is the natural map of A onto A/K v . We refer to the group 
A as the ambient group and to the set S as the target set. If K v is a normal 
subgroup of A, then H v = A/K v is a group, called the hidden quotient group, 
and v : A — ► A/K v is an epimorphism, called the hidden epimorphism. 

The hidden subgroup problem can be expressed as follows: 

Problem 1 (Hidden Subgroup Problem (HSP)). Given a map with hid- 
den subgroup structure 

f.A^S, 

determine a hidden subgroup K v of A. An algorithm solving this problem is called 
a hidden subgroup algorithm (HSA). 

The corresponding quantum form of this HSP is stated as follows: 

Problem 2 (Hidden Subgroup Problem: Quantum Version). Let 

if -A — ► S 

be a map with hidden subgroup structure. Construct a quantum implementation of 
the map if as follows: 

Let Ha and Hs be Hilbert spaces defined respectively by the orthonormal bases 

{ | a) | a e A } and { \s) | s e S } , 

and let s — f (0), where denotes the identity of the ambient group A. Finally, 
let U v be the unitary transformation 

U v :H A ®'Hs — ► H A ® H s 

1 

\a)\s Q ) i — ► \a)\if(a)) 
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Determine the hidden subgroup K v with bounded probability of error by making 
as few queries as possible of the blackbox U v . A quantum algorithm solving this 
problem is called a quantum hidden subgroup algorithm (QHSA). 



In this paper, we focus on the abelian hidden subgroup problem (AHSP), 

i.e., the HSP with the ambient group A assumed to be a finitely generated abelian 
group, and where the image of the hidden morphism ip is a finite subset of S. 
(We will also on occasion assume that the entire set S is finite.) 

In this paper we focus on the following two classes of abelian hidden subgroup 
problems: 5 

• Vintage Simon AHSP. The ambient group A is finite and abelian. 

• Vintage Shor AHSP. The ambient group A is free abelian of finite rank. 



Notation Convention | For notational simplicity, throughout this paper we will 
use additive notation for both the ambient group A and the hidden subgroup K v , 
and multiplicative notation for the hidden quotient group H v = A/K v . 6 



Part 2. Algebraic Preliminaries 



4. The Character Group 



Let G be an abelian group. Then the character group (or, dual group) G 

of G is defined as the group of all morphisms of G into the group S 1 , i.e., 

G = Horn (CS 1 ) 

where S 1 denotes the group of orientation preserving symmetries of the standard 
circle, and where multiplication on G is defined as: 

(/1/2) (g) = h (9) h (.9) for all f u f 2 G G 
The elements of G are called characters. 7 



Remark 1. The group S 1 can be identified with 

1) The multiplicative group U(l) = { e 27rtx x G K }, i.e., with multi- 
plication defined by e 2 * ia ■ e 2vi0 = e 27 "( Q +« 

2) The additive group 27rR/27rZ, i.e., the reals modulo 2ir under addition, i.e., 
with addition defined as 

2na + 2n/3 mod 2tt = 2tt (a + [3 mod I) 



5 For the general abelian HSP, please refer to [8] and [29]. 
6 This follows the notational convention found in [43]. 

7 More generally, for non-abclian groups, a character is defined as the trace of a representation 
of the group. 
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Remark 2. Please note that the 1-sphere S 1 can be thought of as a Z-module 
under the action 

(n, 2na) i — ► 2tt (na mod 1) 

Theorem 1 . Every finite abelian group G is isomorphic to the direct product 
of cyclic groups, i.e., 

G = Z TOl x Z„ l2 x ... x Z mj! , 
where 7L m - denotes the cyclic group of order mj . 

Theorem 2. Let G be a finite abelian group. If G = G\ x Gi, then G = 
Gi x G 2 . 

Theorem 3. Z m = Z m 

Corollary 1. If G is a finite abelian group, then G = G. 

Remark 3. The isomorphism G = G can be expressed more explicitly as fol- 
lows: 

Let G = Z 

mi xZ m2 x ... x , and let gi 7 g2> • ■ • ? gt denote generators of 
Z TOl , Z m2 , . . . , Z mf respectively. Moreover, let u>i, u>2, ■ ■ ■ , u>e be mi-th, mi-th, ... 
, mg-th primitive roots of unity, respectively. Then the character \j ofZ mj defined 
by 

Xj(9j) = Uj 

generates 7L mj as a cyclic group, i.e., the powers (xj) generate r L mj . Moreover, 
the characters Xj of G defined by 

\i=0 ) \t=j+l 

generate G. It follows that an isomorphism G = G is given by 

9j < — ► Xj 



Notation Convention | In general, we will not need to represent the isomor- 
phism G = G as explicitly as stated above. We will use the following convention. 
Let {gi, <72 ; ■ • • , <%} and {xi, X2, • ■ • , Xli } denote respectively the set of elements 
of G and G indexed in such a way that 

9 3 < — ► Xj 

is the chosen isomorphism of G and G. We will at times use the notation 
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5. Fourier analysis on a finite abelian group 



As in the previous section, let G be a finite abelian group 8 and let G denote 
is character group. Let g and \ denote respectively elements of the groups G and 
G 

Let CG and CG denote the corresponding group algebras of G and G over the 
complex numbers C. Hence, CG consists of all maps / : G — ► C. Addition '+', 
multiplication and scalar multiplication are defined as: 

f (/i + / 2 )(<?) = h{g) + h{g) V 3 eG 

(fi»h)(g) = ^/i (h)f2(h- 1 g) VgeG (Convolution) 

h€G 

k (A/) (g) = Xf(g) VAeCandV. 9 eG 

Caveat. Please note that the symbol g has at least three different meanings: 

♦ Interpretation 1 . The symbol g denotes an element of the group G 

♦ Interpretation 2. The symbol g denotes a pointwise map 

g:G^C 

defined by 

g(g') - 




Thus, 

/ = ^2f(g)g denotes g i — ► f(g) 

Hence, g € CG. Since G is isomorphic as a group to the set of pointwise 
maps {g : G — ► C | g e G} under convolution, we can and do identify the 
group elements of G with the pointwise maps g G CG. Thus, INTERPRE- 
TATIONS I and 2 lead to no ambiguity at the algebraic level. 

♦ Interpretation 3. The symbol g denotes a character of G defined by 

g(x) = x (g) 

Thus, with this interpretation, g € G C CG. This third interpretation 
can, in some instances, lead to some unnecessary confusion. When this 
intended interpretation is possibly not clear from context, we will resort to 
the notation 



8 If G is infinite, then ring multiplication '•' is not always well defined. So CG is not a ring, 
but a Z-module, with a group of operators. One way of of making CG into a ring, is to restrict 
the maps on G, e.g., to maps with compact support, to maps with L 2 norm, etc. 
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for interpretation 3 of the symbol g. Thus, for example, 

f = ^2f(g)g' denotes the map X 1 — * ^2f(g)x(g) 

seG s eG 

In like manner, the symbol \ has at least three different meanings: 

• Interpretation 1 . The symbol X denotes an element of the group G 

♦ Interpretation 2. The symbol x denotes a pointwise map 

defined by 

1 if X = x' 



x(x') = 

Thus, 



otherwise 



/ = ^2f{x)x denotes X 1 — ► fix) 

X6G 

Hence, X € CG. Since G is isomorphic as a group to the set of pointwise 
maps jx : G ► C | x G G j under convolution, we can and do identify the 

group elements of G with the pointwise maps x € CG. Thus, interpre- 
tations 1 and 2 lead to no ambiguity at the algebraic level. 

♦ Interpretation 3. The symbol X denotes a character map of G onto C 
defined by 

g< — > x (g) 

Thus, with this interpretation, X € CG. This third interpretation can, 
in some instances, also lead to some unnecessary confusion. When this 
intended interpretation is possibly not clear from context, we will resort to 
the notation 

x- 

for interpretation 3 of the symbol X - Thus, for example, 
I' = /MX* denotes the map g> — > ^ /(x)x (fiO 

X6G X GG 

We define complex inner products on the group algebras CG and CG as follows: 

gee 

(T1J2) - ^E/iW^W v/i,7 2 eCG 

X6G 



where /2Q7) and /2(x) denote respectively the complex conjugates of /2(g) and 

/ 2 (x)- 
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The corresponding norms arc defined as 



VUJj v/ g CG 

(/,/) V/eCG 



As an immediate consequence of the above definitions, we have: 

{1 if 9i = .92 [ 1 if Xi = X2 

and (xi,X2) = < 

otherwise [ otherwise 

It also follows from the standard character identities that 

i if.?? = .9 2 ' f i tfx* = x5 



(.9?,. 9 2 *) 



and (X*,X*) 



otherwise 



otherwise 



We are now in a position to define the Fourier transform on a finite abelian 
group G. 



Definition 2. The Fourier transform T for a finite abelian group G is 
defined as 



CG 
/ 



CG 



Hence, 



fix) = V\G\(f,x') = -j=^2f(g)x(9) 

VM ff6G 



Proposition 1. 



Proof. 



)=YjKx)x{go) = — )=y^— ^=y2f(g)x(g)x(go) 



= T^|H/(-9)Ex(5)x(3o) = /(.9o) 



□ 



We define the inverse Fourier transform as follows: 
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Definition 3. The inverse Fourier transform T 1 is defined as 
CG CG 

f 1 > / = ^""^ f(x)x 



xeG 



Hence, 



f (.g) - (7, 5-) = --j= E 7(x)x (5) 



xeG 



Theorem 4 (Plancherel identity) . 



Proof. 



(/./) = ^Ei/(f)i 2 



96G 



T^E^tE7(x)xG?) 



i= E /(x')x' (g) 

' 'x'€G 



= ]^j2 E E E 7(x)/(x0x (3) x' (5) 



iEEMW (Ex(.9)x'(.9) 
1 1 xeGx'ec VseG , 



pE |7(x) 



X6G 



6. Implementation issues: Group algebras as Hilbert spaces 



□ 



For implementation purposes, we will need to view group algebras also as 
Hilbert spaces. 9 

In particular, CG and CG can be respectively viewed as the Hilbert spaces TLq 
and Hq defined by the respective orthonormal bases 



{\g)\geG} and {| x ) | x gg}. 



3 Category theorists will recognize this as a forgetful functor. 
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In this context, the Fourier transform T becomes 



Hf 



l/> = £/(<?)!<?) ~ |/) = 7=E (E/(5)x(5)) |X) 
sec v xeG \ 9 eG J 

and the inverse Fourier transform T~ x becomes 

F- 1 



H 



G 



l/) = ^TnE £/(x)x( 5 ) }\9) 



9 eG VxeG 



One important and useful identification is to use the Hilbert space isomorphism 

Kg < — > 

\g) — lx s > 

Is*) < — ► lx) 

to identify the two Hilbert spaces Hg and Hq. As a result, the Fourier transform 
T and it's inverse T~ x can both be viewed as transforms taking the Hilbert space 
Hg to itself, i.e., 

Hg < 

Remark 4. T/iis /asi identification is crucial for the implementation of hidden 
subgroup algorithms. 



Part 3. QRand^Q: The Progenitor of All QHSAs 



7. Implementing Prob v (x) with quantum subroutine QRand v () 

Let 

tp : A — ► S 

be a map from a finite abelian group A into a finite set S. 

We use additive notation for the group A; and let So = tp (0) denote the image 
of the identity of A under the map tp. 

Let Ha, H^, and Hs denote the Hilbert spaces respectively defined by the 
orthonormal bases 

{ \a) | a e A } , { |x) | X e A } , and { \s) \ s e S } . 
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We assume that we are given a quantum system which implements the unitary 
transformation U v defined by 

■H A ®H S ^* H A ®H S 

\a)\s ) ' — ► \a)\<p(a)) 

We will use the above implementation to construct a quantum subroutine 
QRand^ () which produces a probability distribution 

Prob v : A — ► [0, 1] 

on the character group A of the group A. 

Before doing so, we will, as explained in the previous section, make use of var- 
ious identifications, such as respectively identifying the Fourier and inverse Fourier 
transforms Ta and TJ^ on the group A 

CA = H A ^2h a - = c ^ 

A 

with 

Fa 

cA = n A < n A = <ca 



Quantum Subroutine QRand^Q 



Step 0. 



Initialization 



m = io> \s ) 



Step 1. Application of the inverse Fourier transform T A x of A 

|Vi) = [T~ A X ® Is) |Vo) = -JfZ l«> I s ") 

V \ A \aeA 



where \A\ denotes the cardinality of the group A. 



Step 2. Application of the unitary transformation U v 



|V>2>=^|V>i> = -^=£|a)Ma)) 

V\ A \aeA 
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Step 3. Application of the Fourier transform Ta of A 

iv> 3 > - [t a x ® is) i^ 2 ) = ^,E E* («) ix) 1* («)> 



aeA 



XGA 



-E 1 

xeA 



¥>(x')>ll,„v \fbC)) 



Ix) 



llb(x*))ll 



where 



i^(x-)) = E^( a )i^ a )) 

aeA 



Remark 5. This notation is meant to be suggestive, since under the identifi- 
cation Ha = CA we have 



(x*)> = E* (°) ^ (°o = ^ I E* ( a ) a 

aeA \aeA / 



fix') 



Step 4. Measurement of the left quantum register. Thus, with probability 

ProbAx) JkMl 



the character \ isi the resulting measured value, and the quantum system 
"collapses" to the state 



1^4) - Ix) 



\<P(x')) 

Mx*)ll 



Step 5. Output the character x, and stop. 



Remark 6. The quantum subroutine QRand^Q can also be viewed as a sub- 
routine with the state \\) \<p (x*)) as a side effect. 



As a result of the above description of QRand^Q, we have the following the- 
orem: 



Theorem 5. Let 
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be a map from a finite abelian group A into a finite set S. Then the quantum sub- 
routine QRand^O is an implementation of the probability distribution Prob v (x) 
on the group A of characters of A given by 

\ A \ 

for all x € A, where x* denotes 

aeA 

Remark 7. Please note that the above theorem is true whether or not the map 
p : A — > S has a hidden subgroup. 

We will, on occasion, refer to the probability distribution 

Prob v : A — > [0, 1] 

on the character group A as the stochastic source (x) which produces a symbol 
X € A with probability Prob v (x)- (See [32].) Thus, QRand^, (x) is an algorithmic 
implementation of the stochastic source S v (x)- 



Part 4. Vintage Simon Algorithms 

We now begin the development of the class of vintage Simon QHSAs. These 
are QHSAs for which the ambient group A is finite abelian. 

8. Properties of the probability distribution Prob v (x) when ip has a 

hidden subgroup 

Let 

ip : A — ► S 

be a map from a finite abelian group A to a set S. We now assume that ip has a 
hidden subgroup K v , and hence, a hidden quotient group H v = A/K v . 

Let 

v : A — ► Hp = A/K v 

denote the corresponding natural epimorphism respectively. Then since Hom% (— , 27rM/27rZ) 
is a left exact contravariant functor, the map 

v : %, — ► A 

1] i — ► nou 

is a monomorphism 10 . 

Since v is a monomorphism, each character n of the hidden quotient group H v 
can be identified with a character x of A for which x (k) = 1 for every element of 



10 See [7]. 
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K v . In other words, H v can be identified with all characters of A which are trivial 
on K v . 

Theorem 6. Let 

be a map from a finite abelian group A into a finite set S. If there exists a hidden 
subgroup K v of <p, and hence a hidden quotient group H v = A/K v of ip, then 
the probability distribution Prob^ (x) on A implemented by the quantum subroutine 
QRAND^O is given by 

Prob v (x) = < 

[ otherwise 

In other words, in this particular case, Prob v (x) is nothing more than the uniform 
probability distribution on the character group H v of the hidden quotient group H v . 

Proof. Since ip has a hidden subgroup K v , there exists a hidden injection 

Ltp • Hip * S 

from the hidden quotient group H v — A/K v to the set S such that the diagram 

A S 

Hip 

is commutative, where v : A — ► H v denotes the hidden natural epimorphism of A 
onto the quotient group H v — A/K v . 
Next let 

i u '. H^p > A 

be a transversal map of the subgroup K v in A, i.e., a map such that 

v o t v = id Hip . 

In other words, i v sends each element h of H v to a unique element of the coset 
Recalling that 

f(x') = («)</?(» ' 

aeA 

we have 



<P(X*) = ^2x(a)^a= XI x( L v h + k ) J L v h 

aeA heH v \ keK, p 



X (ivh) ^2x(k) \ i v h= i Y X (fc) ^ X {tyh) i v h 

heH lp \keK v J \k£K p J \heH v 
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Thus, 



keK v 



k£K v 



heH v 



Iff,, 



But by a standard character identity 11 , we have 



Hence, it follows that 

fro&y, ( x ) 







Mx*) 



otherwise 



1 



if X G ff v 
otherwise 



□ 



9. A Markov process _A/f v induced by Profe, 



Before we can discuss the class of vintage Simon quantum hidden subgroup al- 
gorithms, we need to develop the mathematical machinery to deal with the following 
question: 

Question. Let ip : A — ► S be a map from a finite abelian group A to a finite set 
S. Assume that the map <p has a hidden group K v , and hence a hidden quotient 
group H v . From theorem 6 of the previous section, we know that the probability 
distribution 

Prob v : A — ► [0, 1] 

is effectively the uniform probability distribution on the character group H v of the 
hidden quotient group H v . How many times do wc need to query the probabil- 
ity distribution Prob v to obtain enough characters of H v to generate the entire 
character group H v ? 

We begin with a definition: 



Definition 4. Let 

Prob G : G — > [0, 1] 

be a probability distribution on a finite abelian group G, and let G + denote the sub- 
group ofG generated by all elements gofG such that Probe (g) > 0. The Markov 



"See [17]. 
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process Ma associated with a probability distribution Proba is the Markov process 
with the subgroups G a of G + as states, and with transition probabilities given by 

Prob (G a ~* Gp) = Proba {g € G + \ Gp is generated by g and the elements of G a } , 

where G a Gp denotes the transition from state G a to state Gp. The initial 
state of the Markov process Ma is the trivial subgroup Go- The subgroup G+ is 
called the absorbing subgroup of G. The transition matrix T of the Markov 
process is the matrix indexed on the states according to some chosen fixed linear 
ordering with (G a ,Gp)-th entry T a p given by Prob(G a Gp). 

The following two propositions are immediate consequences of the above defi- 
nition: 



Proposition 2. Let 

Prob G ■ G — > [0, 1] 

be a probability distribution on a finite abelian group G. Then the Markov process 
Ma is an absorbing Markov process with sole absorbing state G + , a state which 
once entered can never be left. The remaining states are transient states, i.e., 
states once left can never again be entered. Hence, 

( 1 if G a = G+ 
lim Prob G (g ~» G a ) = { 

V " ' { if G a ± G+ 

In other words, if the Markov process Ma starts in state Go, it will eventually 
end up permanently in the absorbing state G + . 



Proposition 3. Let T be the transition matrix of the Markov process associ- 
ated with the probability distribution 

Prob G : G — > [0, 1] 

Then the probability Prob (^G a ^> Gp^j that the Markov process Ma starting in 

state G a is in state Gp after n transitions is equal to the (G a , Gp)-th entry of the 
matrix T n , i.e., 



Prob(G aVi Gp)=(T n ) ap 



Under certain circumstances, we can work with a much simpler Markov process. 



Proposition 4. Let G be a finite abelian group with probability distribution 

Prob G : G — > [0, 1] 

such that Proba is the uniform probability distribution on the absorbing group G+. 
Partition the states of the associated Markov process Ma into the collection of sets 

{Gj | j divides \G + \} , 

where Gj is the set of all states G a of Ma of group order j. 
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If 

ProbiG, ~*Qj)= Proh {G t -» Gj) 

has the same value for all Gi € Gi, then the states of Ada can be combined 
(lumped) to form a Markov process j^^ um P ed W nh states {Gj | j divides \G+\}, 
and with transition probabilities given by 

Prob Lu mp ed ( Q . ^g j) = Prob ( G . ^g.) > 

where Gi is an arbitrarily chosen element of Gi, and with initial state Gi — {Go}- 

Moreover, the resulting M^ umpe j s a i so an absorbing Markov process with sole 
absorbing state G\g+\ = {G+} 7 w ^ a ^ other states transient, and such that 

Prob ^Go ^> G+^j = Prob ~> <?|g+|^ 

As a consequence of the above proposition and theorem 6, we have: 

Corollary 2. Let ip : A — ► S be a map from a finite abelian group A to a 
finite set S, which has a hidden subgroup K v , and hence a hidden quotient group 
H v . Moreover, let the ambient group A be the direct sum of cyclic groups of the 
same prime order p, i.e., let 

n 

A = QfKir. . 



Then the combined (lumped) process _/Vf^ umpeti is a Markov process such that 



Prob [Ao-^H, 



Prob 

^Lumped 
A 

Gi < Gj if and only if i divides j , 



Moreover, if the states of M£ mpea are linearly ordered as 



then the transition matrix T of A4^ mpe is given by 



( 1 

1-i 

p 








V 



1 - — — 

1 - 4r 



• 








\ 


• 










• 










J_ 










• 


1 







• 


J_ 

p n 


1 



Hence, 



Prob(A 07 H v )=(T k ) nl , 



from which it easily follows that 

Prob ^A ~*H^J>1 
for k > n + 2. 



1 fl 



p- 1 \p 



k—n 



s > 1 - 



i 



(p- i)p 2 
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10. Vintage Simon quantum hidden subgroup algorithms (QHSAs) 



We are now prepared to extend Simon's quantum algorithm to an entire class 
of QHSAs on finite abelian groups. 

Let 

ip : A — » S 

be a map from a finite abelian group A to a finite set S for which there exists a 
hidden subgroup K v , and hence, a hidden quotient group H v = A/K v . 

Following our usual convention, we use additive notation for the ambient group 
A and multiplicative notation for the hidden quotient group H v . 

As mentioned in section 2 of this paper, it follows from the standard theory of 
abelian groups (i.e., Theorem 1) that the ambient group A can be decomposed into 
the finite direct sum of cyclic groups Z mo , Z mi , . . . , Z me _ 1 , i.e., 

A = Z TOo © Z mi © ... © 'E me _ 1 , 

We denote respective generators of the above cyclic groups by 

do, ai, . . . , a£_i . 

Consequently, each character \ °f the ambient group A can be uniquely ex- 
pressed as 

£-1 / £-1 \ 

X : ^otjUj i — ► cxp 2ni£2aj-?- , 
3 =o \ 3 =o m i J 

where < yj < rrij for j = 0, 1, ...,£— 1. Thus, we have a one-to-one correspon- 
dence between the characters \ of A and ^-tuples of rationals (modulo 1) of the 
form 

' yo yi ye-i 



s mo mi rri£-i y 
where 

< yj < rrij, j = 0,1,... ,£-1 . 

As a result, we can and do use the following notation to refer uniquely to each and 
every character x of A 

X = Xivo. vi. "l-i ) ■ 



Definition 5. Let 



A — Z mo © Z mi ffi • • • © Z I7l£ _ 1 



&e a direct swm decomposition of a finite abelian group A into finite cyclic groups. 
Let 

a , oi, . . . , a„_i 

denote respective generators of the cyclic groups in this direct sum decomposition. 
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Then an integer matrix 

® = l a ij]kxn mod (mo, mi, . . . ,m„_i) 
is said to be a generator matrix of a subgroup K of A provided 

' n-l 

^aijOj | < i < k 
j=o 

is a complete set of generators of the subgroup K. 
A matrix of rationals mod 1 



si 



Vij 



mod 1 



is said to be a dual generator matrix of a subgroup K of A provided 

X ( m« yj^-i) , | < i < t \ 

\ m ' mi m n _i > J 

is a complete set of generators of the character group H of the quotient group 
H = A/K. 

Let M. v be the Markov process associated with the probability distribution 



Prob v : A 



[0,1] 



on the character group A of the ambient group A. 
Let < e < 1 be a chosen threshold. 
Then a vintage Simon algorithm is given below: 



Vintage Simon(<^, e) 



Step 1. Select a positive integer I such that 



Prob A [ A y H v ) < 1 - e 



Step 2. Initialize running dual generator matrix 

« = [ ] 



Step 3. Query the probability distribution Prob v £ times to obtain I characters (not 
necessarily distinct) of the hidden quotient group H v , while incrementing 
the running dual generator matrix 9). 
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Loop i From To £ - 1 Do 

Xim. m. y '("-D i = QRand^O 



Si 



Via 
too 



Vn 
mi 



55 



Loop Lower Boundary; 



Step 4. Compute the generator matrix © from the dual generator matrix $) by using 
Gaussian elimination to solve the system of equations 

n-1 

y^-x,=0modl 0<i<N 



for unknown modm^. 



Step 5. 



Output © and Stop. 



Part 5. Vintage Shor Algorithms 



11. Vintage Shor quantum hidden subgroup algorithms(QHSAs) 

Let <f : A — > S be a map with hidden subgroup structure. We now consider 
QHSPs for which the ambient group A is free abelian of finite rank n. 

Since the ambient group A is infinite, at least two difficulties naturally arise. 
One is that the associated complex vector space Ha is now infinite dimensional, 
thereby causing some implementation problems. The other is that the Fourier 
transform of a periodic function on A does not exist as a function 12 , but as a 
generalized function! 

Following Shor's lead, we side-step these annoying obstacles by choosing not 
to work with the ambient group A and the map if at all. Instead, we work with a 
group A and a map f : A — ► S which are "approximations" of A and if : A — ► 5, 
respectively. 

The group A and the approximating map f> are constructed as follows: 

12 As a clarifying note, let / : Z > C be a period P function on Z. Then / on Z is neither 

of compact support, nor of bounded L 2 or L 1 norm. So the Fourier transform of / does not exist 
as a function, but as a generalized function, i.e., as a distribution. However, the function / does 

induce a function / : Zp > C which does have a Fourier transform on Zp which exists as a 

function. The problem is that we do not know the period of ip, and as a consequence, cannot do 
Fourier analysis on the corresponding unknown finite cyclic group. 
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Choose an epimorphism 

fi : A — > A 

of the ambient group A onto a chosen finite group A, called a group probe. Next, 
select a transversal 

ly.-.A > A 

of /U, i.e., a map such that 

^ 01^ = id ^ , 

where id^, denotes the identity map on the group probe A. [Consequently, is 
an injection, and in most cases not a morphism at all.] 

Having chosen fi and t^, the approximating map <p is defined as 

<p = ip o t„ : A — ► S 



Although the map ip is not usually a morphism, the quantum subroutine 
QRand^() is still a well defined quantum procedure which produces a well defined 

probability distribution Prob^ (\) on the character group A of the group probe 
A. As we shall see, if the the map <p is a "reasonably good approximation" to the 
original map <p, then QRand^() will with high probability produce characters \ of 
the probe group A which are "sufficiently close" to corresponding characters 77 of 
the hidden quotient group H v . 

Following this basic strategy, we will now use the quantum subroutine QRand^() 
to build three classes of vintage Shor QHSAs, where the probe group A is a finite 
cyclic group Zq of order Q. In this way, we will create three classes of quan- 
tum algorithms which form natural extensions of Shor's original quantum factoring 
algorithm. 



12. Direct summand structure 

We digress momentarily to discuss the direct sum structure of the ambient 
group A when it is free abelian of finite rank n. 



Since the ambient group A is free abelian of finite rank n, the hidden subgroup 
K v is also free abelian of finite rank. Moreover, there exist compatible direct sum 
decompositions of A and K v into free cyclic groups 



K v = 



A = 



n direct summands 

where Pi, P n are non-negative integers, and where the inclusion morphism 
K v =P 1 Z®---®P n Z ^ Z0---9Z =A 
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is the direct sum of the inclusion morphisms 

PjZ ^ Z 

It should be mentioned that, since the group K v is hidden, the above direct 
sum decompositions are also hidden. Moreover, the selection of a direct sum 
decomposition of the ambient group A is operationally equivalent to a selection a 
basis of A. This leads to the following definition: 

Definition 6. A basis 

{ai,a 2 , • • • , a n } 

of the ambient group A corresponding to the above hidden direct sum decomposition 
of A is called a hidden basis of A. 

Question. How is the hidden basis {a\,a 2 , ■ ■ ■ ,a n } of A related to any "visible" 
basis {a[, a' 2 , . ■ . ,a' n } of A that we might choose to work with? 

The group of automorphisms of the free abelian group A of rank n is isomorphic 
to the group 

SL ± (n, Z) 

ofnxn invertible integer matrices. This is the same as the group ofnxn integer 
matrices of determinant ±1. 



Proposition 5. Let {a\, a 2 , ■ . . , a n } be a hidden basis of A, and let {a[,a' 2 , . . . , c 
be any other basis of A. Then there exists a unique element M £ SL± (n, Z) which 
carries the basis {a' l ,a' 2l ■ . ■ , a' n } into the hidden basis {a\, a 2 , ■ • ■ , a n }. 

Since the image of ip is finite, we know that Pj > 0, for all j. Thus, the direct 
sum decomposition of the inclusion morphism becomes 

A 



(PiZ e • • • e Pn 



As a consequence, the hidden quotient group H v is the corresponding direct 
sum of finite cyclic groups 

h v = (z Pl e • • • e z P j © (o © • • • © o) , 



and the hidden epimorphism 

v : (PiZ ®---®P w 2 
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is the direct sum of of the epimorphisms 

Z — > 

As a consequence of the above, we have: 
Definition 7. Let 

{ai,a 2 , ... ,a n } 

be a hidden basis of A. Then a corresponding induced hidden basis of the hidden 
quotient group H v is defined as 

{bi = v (ax) ,b 2 = v (a 2 ) , . . . ,bn = v (<%)} , 

where v : A — ► H v denotes the hidden epimorphism. 13 

The above direct sum decompositions are summarized in the following diagram: 

K v A 



©p,z © 0z ^ 0z © ©z ^ 5 

^=1 / \j=n+l / \j=l j \j=rT+l / 

n 

©^ 

3=1 



Definition 8. Let H be a finite abelian group. Then a maximal cyclic 
subgroup of H is a cyclic subgroup of H of highest possible order. 



Proposition 6. Let bi, b 2 , ■ ■ ■ , fan be the above defined induced hidden basis of 
the hidden quotient group H— = Zp x Zp 2 © • • • © Zp_. Then a maximal cyclic 
subgroup of H v is generated by 

h © b 2 © • • • © bn , 
and is isomorphic to the finite cyclic group Zp of order 

P = lcm(P u P 2 ,... ,P W ) . 



ia Please note that the hidden basis {ai , a2, • • ■ , <Jn } of A is free in the abelian category. How- 
ever, the induced basis {61 , 62 , • ■ ■ , bw] of H v is not because H v is a torsion group. {61 , 62 , ■ ■ • , hi} 
is a basis in the sense that it is a set of generators of H v such that 

6*i 6 * 2 ...&£« =1 

implies that 




for every j. (For more information, please refer to [20].) 
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13. Vintage Shor QHSAs with group probe A = Zq. 

Choose a positive integer Q and an epimorphism 

[i : A — ► Zq 

of the free abelian group A onto the finite cyclic group A = Z,q of order Q. 

Next we wish to select a transversal i M of the epimorphism fi. 

However, at this juncture we must take care. For, not every choice of the 
transversal will produce an efficient vintage Shor algorithm. In fact, most 
choices probably will produce highly inefficient algorithms 14 . We emphasize that 
the efficiency of the class of algorithms we are about to define depends heavily on 
the choice of the transversal i M . 

Following Shor's lead once again, we select a very special transversal i M . 

Definition 9. Let /i : A — > Zq be an epimorphism from a free abelian group 
A of finite rank n onto a finite cyclic group Zq of order Q, and let a be a chosen 
generator of the cyclic group Zq. 

A transversal 

l^:Zq — > A 
is said to be a Shor transversal provided 

1) (ha) i — > ki^ (a) , for all < k < Q , and 

2) There exists a basis {a[, a' 2 , ■ ■ ■ , a' n } of A such that, when (a) is expressed 
in this basis, i.e., when 



it follows that 



V («) = A X ' 

3=1 

gcd(Ai,^,... ,a;) = i 



Proposition 7. Let X[, X' 2 , . . . , X' n be n integers, and let M be a non-singular 
nxn integral matrix, i.e., an element of SL±(n,'L). If X±, X 2 , . . . , A„ are n 
integers defined by 

(X 1 ,X 2 ,... ,X n ) = (X' 1 ,X' 2 ,... ,X' n )M , 

then 

gcd(Ai,A 2 ,... ,A„) =gcd(Ai,A^,... ,X' n ) 
As a corollary, we have 



14 For example, consider A = Z, P = 6, Q = 64, and the transversal defined by t M : 6ra + fe i — > 

6n + fe + 64Lfe/2j for0<n<10, where/ °f*<« * ° 10 . One reason this is a 

— — 10<fc<4iin = 10 

poor choice of transversal is that the image of i M does not contain a representative of every coset 

of the hidden subgroup Zp of the ambient group A. 
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Proposition 8. If condition 2) is true with respect to one basis, then it is true 
with respect to every basis. 

An another immediate consequence of the definition of a Shor traversal, we 
have the following lemma: 

Lemma 1 . If a Shor transversal 

i ft : Zq — > A , 
is used to construct the the approximating map 

ft = <P ° V : Z Q — * & > 
then the approximating map ft has the following property 

ft(ka) = [ft (a,)] , 

for all < k < Q, where we have used the hidden injection l v : H v — ► S to 
identify the elements ft (ka) of the set S with corresponding elements of the hidden 
quotient group H v . 



14. Finding Shor transversals for vintage TLq Shor algorithms 

Surprisingly enough, it is algorithmically simpler to find a Shor transversal 
: Zq — > A first, and then, as an after thought, to construct a corresponding 
epimorphism fi : A — ► Zq. 

Definition 10. Let A be an ambient group, and let Zq be a finite cyclic group 
of order Q with a selected generator a. Then an injection 

i : Zq — ► A 

is called a Shor injection provided 

1) i (ka) = ki (a) , for all < k < Q, and 

2) There exists a basis {a[, a' 2 , ■ . ■ , a' n } of the ambient group A such that 

g cd(Ai,A^... ,a;) = i , 

where 

L(a) = jr\>a>. 

Proposition 9. If condition 2) is true with respect to one basis, it is true with 
respect to all. 

Next, we need to construct an epimorphism fx : A — ► Zq for which i : Zq — ► 
A is a Shor transversal. 
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Proposition 10. Let A be an ambient group, and let Zq be a finite cyclic 
group of order Q with a selected generator a. Given a Shor injection 

l:Zq — ► A , 

there exists an epimorphism 

Hi - A > Zq 

such that l is a Shor transversal for \x L , i.e., such that 

ftot = idi Q , 
where id% Q denotes the identity morphism on Zq. 

Proof. Select an arbitrary basis {a\,a! 2 , . . . , a' n } of A. Then 

n 

j=l 

where 

gcd(A' 1; A 2 ,... ,A;) = 1 . 
Hence, from the extended Euclidean algorithm, we can find integers 

ai,a 2 , ••• ,a n 

for which 
Define 

by 



5>A$ = 1 . 

M : {a[,a' 2 , ... ,a' n } — > Z c 



fj, (a'j) = aja , j = 1, 2, . . . , n. 

Since a[ , a' 2 , ■ ■ ■ , a' n is a free abelian basis of the ambient group A, it uniquely 
extends to a morphism 

fi : A — ► Z Q . 
It immediately follows that \i is an epimorphism because 

(n \ n 

3=1 ) 1 = 1 

□ 



Thus the task of finding an epimorphism /U : A — > Zq and a corresponding 
Shor transversal reduces to the task of finding n integers X[ , X' 2 , ■ ■ ■ , A^ such that 

gcd(Ai,A£,... ,a;) = i. 

This leads of to the following probabilistic subroutine which finds a random Shor 
traversal: 



Random_Shor_transversal( {a[,a' 2 , ■ ■ ■ , a' n } , Q, a, n) 
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# Input: A basis {a[, a' 2 , ■ . ■ , a' n } of A, a positive integer Q, 

# a selected generator a of A, and the rank n of A 

# Output: Shor transversal t M : Zq — > A 

# Side Effect: Epimorphism ^ : A — ► Zq 

# Side Effect: Random integers A' 1; A 2 , . . . , A^ 

Global: ^ : A — ► Zq 
Global: A' l7 A' 2 , . . . , A^ 



Step If n = 1 Then (Set X[ = 1 And Goto Step 4 ) 



Step 1 Select with replacement n random X[, X' 2 , ... , A^ from {1,2,... , Q}. 



Step 2 Use the extended Euclidean algorithm to determine 

rf = gcd(A' 1 ,A' 2 ,... X) 
and integers et\, a 2 , . . . , a„ such that Y^j=i a j^'j = ^ 



Step 3 If d + 1 Then Goto Step 1 



Else Goto 



Step 4 



Step 4 Construct Shor transversal t M : Zq — ► ^4 as (ka) — h^2™ =1 X'^a'p for 
< k < Q 



Step 5 Construct epimorphism fi : A — ► Zq as 

[i {a'j) = otja for all j = 1,2,.. . ,n 



Step 6 Output transversal ^ : Zq — ► A and Stop 



Theorem 7. Forn > 1, the average case complexity of the Random_Shor_transversal 
subroutine is 



O 



(n(lgQf 



PROOF. The computationally dominant part of this subroutine is the main 
loop Steps 1 through 3. 

Each iteration of the main loop executes the extended Euclidean algorithm 
n times to find the gcd d. Since the computational complexity of the extended 
Euclidean algorithm 15 is O ^(lgQ) 3 ^ , it follows that the computational cost of one 
iteration of steps 1 through 3 is 

OfnQgQ) 3 ) . 
But by Corollary 7 of Appendix B, 

Prob Q (gcd (Ai, A' 2 ,... ,X' n ) = l)=Cl(l) . 



5 See [11, Chap. 31]. 
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Thus, the average number of iterations before a successful exit to Step 4 is O (1). 
Hence, the average case complexity of steps 1 through 4 is 

0(n(lgQ) 3 ) . 

□ 



Remark 8. Our objective in this paper is to find reasonable asymptotic bounds, 
not the tightest possible bounds. For example, the above bound is by no means the 
tightest possible. For a tighter bound for the Euclidean algorithm is O ^(lgQ) 2 ^ 
which can be found in [11]. Thus, the bound found in the above theorem can be 
tightened to at least O (n(lgQ) 2 ) . 



15. Maximal Shor transversals 

Unfortunately, the definition of a Shor transversal is in some instances not 
strong enough to extend Shor's quantum factoring algorithm to ambient groups 
which are free abelian groups of finite rank. From necessity, we are forced to make 
the following definition. 

Definition 11. Let a\,a2, . . . ,a n be a hidden basis of the ambient group A, 
let a be a chosen generator the cyclic group probe Zq, and let H v = Zp 1 ® Zp 2 ® 
■ ■ - (BZp n be the corresponding hidden direct sum decomposition. A maximal Shor 
transversal is a Shor transversal t p : Zq — > A such that 

gcd(Xj,Pj) = 1, for 0<j<n, 

where the integers Ai, A2, . . . , A„ are defined by 

t M (a) = Aiai + A 2 a 2 + . . . , +A„a„ 



Remark 9. Thus, for maximal Shor traversals, (a) maps via the hidden 

epimorphism v : A ► A/K v to a maximum order element of the hidden quotient 

group H v . 

One of the difficulties of the above definition is that it docs not appear to be 
possible to determine whether or not a Shor transversal is maximal without first 
knowing the hidden direct sum decomposition of the hidden quotient group H v . 
We address this important issue in the following corollary, which is an immediate 
consequence of corollary 8 (found in Appendix B): 
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Corollary 3. Let 

P 1 ,P 2 ,... ,P n 

be n fixed positive integers, and let Q be an integer such that 

Q>\cm(P 1 ,P 2 ,... ,P n ) , 

where n > 1. 

If Conjecture 1 (found in Appendix B) is true, then the probability that the 
subroutine Random_Shor_transversal produces a maximal Shor transversal is 

1 



16. Identifying characters of cyclic groups with points on the unit 
circle S 1 in the complex plane C. 

We will now begin to develop an answer to the following question: 

Question. 1. Are the characters of the group probe Zq produced by the quan- 
tum subroutine QRand^Q "close enough" to the characters of a maximal cyclic 
subgroup of the hidden quotient group H v l 

If QRand^() produces a character x of Zq which is "close enough" to some 
character rj of a maximal cyclic subgroup Zp of the hidden quotient group H v , 
then the character \ can be used to find the corresponding closest character rj of 
Zp. Each time such a character r\ is found, something more is known about the 
hidden quotient group H v and the hidden subgroup K v . In this way, we have the 
conceptual genesis of a class of vintage Zq Shor algorithms. 

But before we can answer the above question, we need to answer a more fun- 
damental question, namely: 

Question. 2. What do we mean by "close enough"! I.e, what do we mean by 
saying that a character x of A = Zq is "close enough" to some character r/ of 
Zp? ' 

To answer this last question, we need to introduce two additional concepts: 

1) The concept of a common domain for the characters x of Zq and the char- 
acters 77 of Zp. 

2) The concept of a group norm which is to be used to define when two char- 
acters are "close." 

In this section, we address item 1). In the next, item 2). 

We begin by noting that the character group Z of the infinite cyclic group Z is 
simply the group S 1 , i.e., 

Z = S 1 = { X e ■ n 1 — ► e 2m6n \ < < 1} 

In other words, the characters of Z can be identified with the points on the unit 
radius circle in the complex plane C. 
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Moreover, given an arbitrary epimorphism 

t : Z — ► Z m 

of the infinite cyclic group Z onto a finite cyclic group Z m , the left exact contravari- 
ant functor 16 

ffom z (-,27rR/27rZ) 

transforms r into the monomorphism 

? : Z m — > Z 
?7 i — ► 7] o t 

In this way the characters of Z m can be identified with the points of Z = S 1 . 

Thus, to find a common domain S 1 for the characters of the group probe Zq 
and the maximal cyclic group Zp, all that need be done is to find epimorphisms 
fl : Z — ► Zq and f : Z — ► Zp. This is accomplished as follows: 

Let a be a generator of the infinite cyclic group Z, and let a\, ai, ■ ■ ■ ,a n be a 
hidden basis of the ambient group A. Then the epimorphisms Jl and r are defined 

as 

ju : Z — ► Zq a ^ t : Z — > Zp 

fca i — ► fca fca i — ► ^ [fc (ai + 02 + . . . + a n )] ' 

where a is the selected generator of the group probe Zq , and where v : A — > H v 
is the hidden epimorphism. 

Thus, as a partial answer to Question 2 of Section 16, a character \ °f the 
probe group A = Zq is "close" to some character 77 of the maximal cyclic subgroup 
Zp H v = Q) l j = ^JLpj if the corresponding points ji (x) and r (ij) on the circle S 1 arc 
"close." 

But precisely what do we mean by two points of S 1 being "close" to one another? 
To answer this question, we need to observe that Shor's algorithm uses, in addition 
to the group structure of S 1 , also the metric structure of S 1 . 

17. Group norms 

We proceed to define a metric structure on the circle group S 1 . To do so, we 
need to define what is meant by a group norm. 



Definition 12. A (group theoretic) norm on a group G is a map 

HI-HI :G — >R 

such that 

1) IIMH > 0, for all x, and \\\x\\\ = if and only if x is the group identity 
( which is 1 if we think of G as a multiplicative group, or if we think of 
G as an additive group). 



3 For the definition of a left exact contravariant functor, please refer to, for example, [7]. 
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2) |||a; ■ y\\\ < \\\x\\\ + \\\y\\\ or \\\x + y\\\ < \\\x\\\ + \\\y\\\ , depending respectively 
on whether we think of G as a multiplicative or as an additive group. 



Caveat. The group norms defined in this section are different from the group 
algebra norms defined in Section 5. 

Remark 10. Such a norm induces a metric 

GxG — >R 
(x,y) i — ► |||x • or \\\x - y\\\ 

depending on whether multiplicative or additive notation is used. 

As mentioned in Section 4, we think of the 1-sphere S 1 interchangeably as the 
multiplicative group 

gi = | e 2«a | o < a < 1} c C 
with multiplication defined as 

or as the additive group of reals R modulo 27r, i.e., as 

S 1 = 27rM/27rZ = {27ra | < a < 1} 

with addition defined as 

2rra + 2tt/3 = (27ra + 2tt/3) mod 2rr = 2tt (a + [3 mod 1) 

It should be clear from context which of the two representation of the group S 1 is 
being used. 



Arc Metric 




Figure 2. Two metrics on the unit circle S 1 , ArC27t and CHORD 27r . 
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There are two different norms on the 1-sphere S 1 that we will be of use to us. 
The first is the arclength norm, written ARC 27r , defined by 

ARC 27r (a) = 27rmin{ \a\ - [\a\\ , \\a\] - \a\ } , 

which is simply the length of the shortest arc in the 1-sphere 8 1 connecting the 
point e 2T " Q to the point 1. 

The second norm is the chordal length norm, written CHORD 27r , defined by 

Chord 2t (a) = 2 | sin (na)\ , 

which is simply the length of the chord in the complex plane connecting the point 
e 2via to the point 1. 

Shor's algorithm depends heavily on the interrelationship of these two norms. 
We summarize these interrelationships in the following proposition: 



Proposition 11. The the norms ARC 27r and CHORD 27r satisfy the following 
conditions: 

1) Chord 27I . (a) = 2 sin (iARC 27r (a)) 

2) |ARC 27r (a) <Chord 2t (a) <ARC 27r (a) 



We need the following property of the arclength norm Arc 2t : 

Proposition 12. Let n be a nonzero integer. If ARC 27r (a) < then 
Arc 2t (na) = |n|ARC 2w (a) 



18. Vintage Z Q Shor QHSAs (Cont.) 

Our next step is to look more closely at the probability distribution 

Prob^ : A — ► [0, 1] . 

We seek first to use this probability distribution to determine the maximal 
cyclic subgroup Zp of the hidden quotient group H v . However, as indicated by 
the following lemma, there are a number of obstacles to finding the subgroup Zp. 
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LEMMA 2. Let ai, ... , a n denote a hidden basis of the ambient group A = 
0™ =1 Z, and let Pi,P 2 ,... ,Pn denote the respective orders of the corresponding 

cyclic direct summands of the hidden quotient group H v = ®" =1 Z^Pj • 

Let a denote a chosen generator of the group probe A — TLq, and let Ai, A2, . . . , A„ 
denote the unknown integers such that 

n 
3 = 1 

Finally, use the hidden injection l v : H v — ► S to identify the elements of the 
hidden quotient group H v with the corresponding elements of the set S. 

If the approximating map Hp is constructed from a Shor transversal, then the 
order of<p(a) <E H v is P, i.e., 

order (<p (a)) = P , 

where P = lcm (Pi, P 2 , ■ . ■ , P n ), and where Pj = Pj/ gcd (Xj,Pj) for j = 1, 2, . . . , n. 
Hence, 

|^(fca) = ip{a) k I < k < Pj 

are all distinct elements of S. 

Moreover, if the approximating map tp is constructed from a maximal Shor 
transversal, P = P = 1cm (Pi , P2, . . . , P n ) . 

Proof. 

% (a) = <p o Lfl (a) = <p X 3 a j ) = II ^ ( a ^ Xj = II h ) 3 ' 

\ 3 ) 3 3 

where we have used the hidden injection l v : H v — > S to identify the hidden basis 
element bj of H v with the element <p(aj) of the set S. 

Since the order of each bj is Pj, it follows from elementary group theory that 
the order of . b^° must be P. □ 



Lemma 3. Let a\, ... , a n be a hidden basis of the ambient group A = 0™ =1 Z, 
and let P\, P 2 , ■ ■ ■ ,P n denote the respective orders of the corresponding cyclic direct 
summands of the hidden quotient group H v = ©™ =1 ^p j ■ 

Let a denote a chosen generator of the group probe A = 7Lq, let \\, A2, . . . , A„ 
denote the unknown integers such that 

n 

= ^2 X 3 a 3 e A > 

3 = 1 

and let XjL be a character of TLq. 

Finally, identify the elements of the hidden quotient group H v with the corre- 
sponding elements of the set S via the hidden injection t v : H v — ► S. 

If the approximating map tp is constructed from a Shor transversal, then 
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When Py ^ mod Q, we have 



. Ty Chords « + l ) ^ 
V W Chord 2 .(^) fetT'o 77 



-p CHORD 27r f %tq) 

Chords,, (^J 



- Q 

fco=r 



where P = lcm (Pi, P 2 , ■ ■ ■ ,P n ), where Pj = Pj/ gcd (Xj, Pj) for j 



1,2,... , n, and where 



Q = qP + r, with < r < P. 
And when Py — OmodQ; we have 



r-1 P-1 

¥>(x|) = (9+1) E X% {k a) p (k a) + q ^ X% {k a) Ip (k a) 



ko—0 ko—r 

Moreover, if the approximating map tp is constructed from a maximal Shor 
transversal, then P = P = lcm (Pi, P 2 , • • • , P n )- 

PROOF. We begin by identifying the elements of the hidden quotient group H v 
with the corresponding elements of the set S via injection l v : H v — > S. 



We first consider the case when Py ^ OmodQ. 
Then 

<P (xlj = <P E x f ( ka ) ka ) = E*t ( ka )v(ka) 

\k=0 ) fe=0 



qP-1 Q-l 

E*$ ( k a)v{a) k + J2x^(ka)lp(a) k 

fe=0 k=q p 



= EE** [(kiP + k )a]^[at P+ka + ][>* [(hP + *o) a] <p [a] klP+k ° 

ki—0ko—0 no— 

From Lemma 2 we have 
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^fci=0 / fc =0 



r-1 

V _ 



+ Xi (gP5) E** (fcoS)^(S) fco 

k =0 



= (l>4 (fcoS)^(S) feo 
\fei=0 / fe =o 

/ 9-1 \ 7-1 



+ ( E** [( k iP)*]) E**^)^ 



'^^(,+ 1) _ j\ r-l 



i E^§ (fcoa)^(fcoa) 
e o — 1 / fe =o 



+ ~ T - ^ I E** (fcoS)^(fcoS) 



'■^(9+1) r-l 



Fj e Q ^ ' - e Q 



Ex^ (M) (M) 



T^~T E*<? (fcoa)^(fcoa) 

sin V~Q ) J k °=° 

/ S in (TT^-q) \ ^-i 
For the exceptional case when Py = OmodQ, we need only observe that 

q 5-1 

E X% [(kiP) a] = q + 1 and E X% ( fc i P ) a = q . 

fei=0 fei=0 



As an immediate consequence of above lemmas 2 and 3, we have: 



□ 
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Corollary 4. If the approximating map ip is constructed from a Shor transver- 
sal, then 



rCHORDLf^y(9+l)l+(^-'-)CHORDLf-9 i y«j — 



ChordL(^) 



ifPy^O mod Q 



r(q + i f + (P - r) q 2 if Py = mod Q 

Moreover, if the approximating map tp is constructed from a maximal Shor 
transversal, then P = P = 1cm (Pi, P2, . . . , P n ). 



As a consequence of the inequalities found in Proposition 11, we have: 



Corollary 5. If the approximating map tp is constructed from a Shor transver- 
sal, then when Py ^ mod Q we have 



(4) 



2 4 
> — 



rARC^ 






+ (P-r) Arc| w 








Arc| w 


(t) 





Moreover, if the approximating map tp is constructed from a maximal Shor 
transversal, then P = P = 1cm (Pi, P 2 , 



,Pn) 




Figure 3. The characters of Zp and 1q as points on the circle S 1 of radius 1, 
with P — 3 and Q — 8. The characters xi, X3/81 X5/8 °f are close respectively 
to characters xi, X 1 > X£ °f ^P • They are the characters of Arc^tt distance less 

than § I 1 — from some character of Zp. Also, \ i_ and %2 are the primitive 
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characters of Zp. Unfortunately, since Q ^ P 2 , the characters xz/s, an d X5/8 °f 
Zq are not sufficiently close respectively to the primitive characters x± an d X|, 
of Zp. Hence, the continued fraction algorithm can not be used to find P. 



19. When are characters of A = Zq close to some character of a 
maximal cyclic subgroup Zp of H v ? 

Definition 13. Let Z Pl ® Zp 2 • • • 7L Pn be the hidden direct sum decom- 
position of the hidden quotient group H v , and let P = lcm (Pi, P2, . . . ,P n )- A 
character XjL of the group probe Zq is said to be close to a character of the max- 
imal cyclic subgroup Zp of the hidden quotient group H v provided either of the 
following equivalent conditions are satisfied 

Closeness There exists an inteqer d such that 
Condition 1 

AEC2 - (I - ?) 5 5 "5 

or equivalently, 

Closeness 
Condition 1' 

// in addition, Q > P 2 , then the the character x_w of Zq is said to be 
sufficiently close to a character of the maximal cyclic subgroup Zp. 

It immediately follows from the theory of continued fractions [21, 33] that 

Proposition 13. If a character x_« of Zq is sufficiently close to a character 
Xj_ ofZp, then ^ is a convergent of the continued fraction expansion of ^. 

However, to determine the sought integer P from the rational -p, the numerator 
and denominator of -p must be relatively prime, i.e., 

gcd(d,P) = l . 

This leads to the following definition: 

Definition 14. A character x± of Zp is said to be primitive provided that 
it is a generator of the dual group Zp. 



Proposition 14. A character x± of Zp is a primitive character if and only 
gcd (d, P) = 1. Moreover, the number of primitive characters o/Zp is <j) (P), where 
4>{P) denotes Euler's totient function, i.e., the number of positive integers less than 
P which are relatively prime to P. 
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Theorem 8. Assume that Q > P 2 , and that the approximating map ip is con- 
structed from a maximal Shor transversal. Then the probability that QRAND^Q 
produces a character of the group probe Zq which is sufficiently close to a primi- 
tive character of the maximal cyclic subgroup Zp of the hidden quotient group H v 
satisfies the following bound 



Probr, 



X sufficiently close to some 
primitive character ofLp 



> 



,(P) 



Proof. Let be a particular character of the group probe Zq which is 
sufficiently close to some character of the maximal cyclic subgroup Zp. We now 
compute the probability that QRand^ () will produce this particular character. 



for 



So 



First consider the exceptional case when Py = OmodQ. Using the expression 

2 

<P' 



(*5 
(**) 



given in Corollary 5, we have 



= r (q + l) 2 + (P - r) q 2 > Pq 2 = P 



Q 



>^(Q-Pf ■ 



Prob^ 



(4) 



Q 2 



i p(Q-py = ]_(,_py > ±i (, _ 

- P Q 2 P\ QJ ~ tt 2 P\ Q, 



Next consider the non-exceptional case when Py =/= OmodQ. 
In this case, Proposition 12 can be applied to both terms in the numerator 
of the expression given in Corollary 5. Hence, 



(4) 



2 4 
> — 



rARC^ 




+ 1)" 


+ (P-r) ArcL 


Py 

.~Q yq . 






Arc 


2 

2tt 


0») 





> 



4 (r(q + l) ArcL 



Py v 
Q y 



(P-r)q 2 ARC 2 „ 



Py v 
Q y 



ARC 27r 



> —r(q+l) 2 + — {P-r) q 2 > rq 2 + ^ (P - r) q 2 



>^ 2 = ^UQ-rf>~(Q-P) 2 

TT TT r IT r 



Thus, 
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So, in either case we have 

We now note that there is one-to-one correspondence between the characters of 
Zp and the sufficiently close characters of Zq. Hence, there are exactly <f> (P) char- 
acters of the group probe Zq which are sufficiently close some primitive character 
of the maximal cyclic group Zp. The theorem follows. □ 



The following theorem can be found in [21, Theorem 328, Section 18.4]: 



Theorem 9. 

<f>(N) 



lim inf ■ 



N/lnhiN 

where 7 denotes Euler's constant 7 = 0.57721566490153286061 ... , and where 
e -7 = 0.5614594836 .. . . 



As a corollary, we have: 

Corollary 6. Prob^ (% sufficiently close to some primitive character of Zp) 
is bounded below by 

4 e-T-e(P) / P\ 2 

lgigQ 'V~q) ' 

where e (P) is a monotone decreasing sequence converging to zero. In terms of 
asymptotic notation, 

Prob^ (x sufficiently close to some primitive character ofZp) = 
For a proof of the above, please refer to [33, 43]. 




20. Summary of Vintage Z Q Shor QHSAs 

Let ip : A — ► S be a map with hidden subgroup structure with ambient group 
A free abelian of finite rank n, and with image of ip finite. Then as a culmination 
of the mathematical developments in sections 11 through 19, we have the following 
vintage Zq Shor QHSA for finding the order P = lcm(Pi,P2, • • • ,Pn) of the 
maximum cyclic subgroup Zp of the hidden quotient group H v = ©™ =1 Zp r A 
flowchart of this algorithm is given in Figure 4. 



VlNTAGE_SHOR((y9, Q, n) 



# Input: (p : A 



S and Q and rank n of A 
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# Output: P = lcm (Pi, P 2 , . . . P n ) if hidden quotient group 

# is h v = e; =1 Z Pj 



Step 1 Select a basis a[, a' 2 , . . . , a' n of A and a generator a of Zq 



Step 2 : — ► A) = Random_Shor_transversl( {ai, a' 2) . . . , a^} , Q, a, n ) 



Step 3 Construct </? = o t M : Zq — ► 5 



Step 4 = QRand^ () 



Step 5 



(<T, P") = (0, 1) # 0-th Cont. Frac. Convergent of % 

{d',P') = (l, f j) # 1-th Cont. Frac. Convergent of ^ 
Inner Loop 

(Saved' ,Save_P') = (d',P') 

(d', P') = Next_Cont_Frac_ConvergEnt^, (d', P') , (d", P")) 
(d",P") = (Saved 1 , Save J 3 ') 

If ip (P'a^ = <p (0) for all j = 1,2,... ,n Then Goto | Step~6~ 



lF W = q Then Goto Ste P 2 



Inner Loop Boundary 



Step 6 Output P' and Stop 
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Vintage_Shor( <p , Q, n) 

Select basis i a 'j 3 of A gen. a of Z 



Lfl = Ran_Shor_Transv({a'. } , Q , a, n ) 




Figure 4. Flowchart for Vintage TLq Shor QHSA. This is a Wandering Shor 

algorithm. 



21. A cursory analysis of complexity 

We now make a cursory analysis of the algorithmic complexity of the vintage 
Zq Shor algorithm. By the word "cursory" we mean that our objective is to find 
an asymptotic bound which is by no means the tightest possible. 

Our analysis is based on the following three assumptions: 

• Assumption 1. Conjecture 1 (found in Appendix B) is true. 

• Assumption 2. is of complexity O in 2 (lgQ) 3 ) . 
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Assumption 3. The integer Q is chosen so that Q = 2 L > P 2 , where 
P = lcm(P u P 2 ,... ,P n ). 



The following theorem is an immediate consequence of Assumption 2. 
Theorem 10. Let 

be a map from the cyclic group Zq to a set S, where Q — 2 L . 
If Up is of algorithmic complexity 

o(n 2 (i g g) 3 ) , 

then the algorithmic complexity of QRand^ () is the same, i.e., 

o(n 2 (lgQ) 3 ) 

PROOF. Steps 1 and 3 are each of the same algorithmic complexity as the 
quantum Fourier transform 17 , i.e., of complexity O ^(lgQ) 2 ^. (See [36, Chapter 
5].). Thus the dominant step in QRand^ () is Step 2, which is by assumption of 
complexity O {n 2 (lgQ) 3 ). □ 

The complexities of each step of the vintage Zq Shor algorithm are given below. 
An accompanying abbreviated flow chart of this algorithm is shown in Figure 5. 



Step 1 Step 1 is of algorithmic complexity is O (n) . 



Step 2 By theorem 7 of section 14, Step 2 is of average case complexityO yn (lg Q) 
By corollary 8 of Appendix B, the probability that this step will be success 
ful, i.e., will produce a maximal Shor transversal, is f2 ^ T^TgQ ) ) ■ 



Step 3 Step 3 is of algorithmic complexity O (n). 



Step 4 By theorem 10 given above, Step 4 is of algorithmic complexity O (n 2 (lg Q) 

By corollary 6 of section 19, the probability (given that Step 2 is successful) 
that this step will be successful, i.e., will produce a character sufficiently 
close to a primitive character of the maximal cyclic group Zp is ( lgl gg ) • 



Step 5 This step is of algorithmic complexity O (n(lgQ) 3 ^. (Sec, for example, 
[30].) 



17 If instead the Hadamard- Walsh transform is used in Step 1, then the complexity of Step 1 
isO(lgQ). 
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Step 6 For Step 5 to branch to this step, both Steps 2 and 4 must be success- 
ful. Thus the probability of branching to step 6 is Probs uccess (Step 2) • 

Prob success (Step 2) = fl f (j^q 



Since the Steps 2 through 5 loop will on average be executed O ^(lglg<5)™ +1 ^ 
times, the average algorithmic complexity of the Vintage Zq Shor algorithm is 
O (n 2 (logQ) 3 (lglg<2)" +1 ^ . (This is, of course, not the tightest possible asymp- 
totic bound.) We formalize this analysis as a theorem: 



Stepl O(n) 



IStep 2| 



n 



0(n(lgQr ) 

Succ Ig Ig Q 



Step 3 Q( n) 



ISteMl 0(n 2 (lgQ) 3 ) 

Prob = Q(— - ) 

Succ iiV IglgQ ' 

Step 5 0(ll(lgQ) 3 ) 




Exit to Step 6 if 
Steps 2 & 4 succeed 



Figure 5. An abbreviated flowchart of the vintage Zq Shor Algorithm. The 
probability of a successful exit to Step 6 is SI ^ ( i g i g q ) ^ ■ Hence, the average 

number of times Steps 2 through 5 are executed is O ^(lglgQ)" +1 ) • 



Theorem 11. Assuming the three assumptions given in section 21, the average 
algorithmic complexity of the Vintage Zq Shor algorithm for finding the maximal 
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cyclic subgroup Zp of the hidden quotient group H^p — ^Dj— 1 ^Pj ^ 

0(n 2 (lgQ) 3 (lglg0r +1 ) 



22. Two alternative vintage Zq Shor algorithms 

As two alternatives to the algorithm described in the last two sections, we 
give below two other vintage Zq Shor algorithms. Unlike the above described 
algorithm, these two alternative algorithms do not depend on finding a maximal 
Shor transversal. The first finds the order of the maximal cyclic subgroup Zp of 
the hidden quotient group H v . The second finds the entire hidden subgroup K v . 
Flowcharts for these two quantum algorithms are given in Figures 6 and 7. 

An optimal choice for the parameter K of the following algorithm is not known 
at this time. 



Alternative1_Vintage_Shor(v?, Q, n, K) 



Step 1 



Step 2 



Step 3 



Step 4 



# Input: ip : A — > S, Q, rank n of A, and number of 

# inner loop iterations K 

# Output: P = 1cm (Pi, P 2 , . . . P n ) if hidden quotient group 
# \aH v = e; =1 Zp 3 

Set P = 1 

Select a basis a[, a' 2 , ■ ■ ■ , a' n of A and a generator a of Zq 
Outer Loop 

Inner Loop for K iterations 
Step 5 {tfj,: Z Q — > A) = RAND_SHOR_TRANSVR({a' 1 , a' 2 , . . . , a' n } , Q, a, n) 
Construct = ip o : Zq — > S 
X jl = QRand^ () 



Step 6 



Step 7 



Step 8 (d", P") = (0, 1) # 0-th Cont. Frac. Converg. of ^ 



(d',P>) 



1, f J) # 1-th Cont. Frac. Converg. of ^ 
Innermost Loop 

{Save-d 1 , Save_P') = {d 1 , P') 

(d 1 , P') = Nxt_Cont_Frac.Convrg(^, (d', P') , (d", P")) 
{d", P") = (Saved', Save J 3 ') 



If <p (P'if, (a)) = ip (0) Then Goto Step 9 
If 4 



^ Then Goto 



Step 4 



Innermost Loop Boundary 
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Step 9 P = 1cm (P, P') 



Step 10 



Inner Loop Lower Boundary 



Step 11 If ip (Paj) = tp (0) for j = 1,2,... ,n Then Goto Step 13 



Step 12 



Step 13 



Outer Loop Lower Boundary 

Output P' and Stop 

Altl_Vintage_Shor( <p, Q, n, K) 



j Select basis ? a j } of A & gen, a of 



Iter = 



= Ran_Shor_Transv( {a*. ] , Q ,3, n ) 



(p= <p„t 



X _ = QRancI ~ ( ) 
y/Q <p 



,p"), (d',n] = [(o,d, a,L y/Q J >] 



[(d",P"), (d',P*)] =Next_CFC:[(d",P'*), (d',P')] I 




YES 



(stojj) |Output P'| 



Figure 6. The First Alternate Vintage Zq Shor QHSA. This is a Wandering 

Shor algorithm. 
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The following wandering Shor algorithm actually finds the entire hidden quo- 
tient group H v , and hence the hidden subgroup K v : 



Step 1 



Step 2 



Step 3 



Step 11 



Step 12 



Alternative2_Vintage_Shor((/?, Q, n) 



# Input: ip : A — > S, Q, rank n of A 

# Output: A matrix (5 with row span equal to the 
# hidden subgroup K v = Pj% 

Set © = [ ] and NonZeroRows = 

Select a basis a[, a' 2 , . ■ . , a' n of A and a generator a of Zq 

Outer Loop Until NonZeroRows = n 



Step 4 Zq — ► A) = RANSHORTRANSVRSL({a^, a! 2 , 
Construct <p — <p o : Zq — ► S 



,a' n },Q,a,n) 



Step 5 



Step 6 



QRands () 



Step 7 



(cT, P") = (0, 1) # 0-th Cont. Frac. Converg. of * 

(d',P') = (l, f J) # 1-th Cont. Frac. Converg. of % 
Inner Loop 

(Save_d', Save_P') = (d' , P') 

(d', P') = NextContFracConverg(^, (d\ P') , (d", P")) 
(d",P") = (Save.d',SaveJ 3 ') 



If ip (P't M (a)) = </? (0) Then Goto Step 8 



If A. = ^ Then Goto Step 11 



Step 8 







p'a; p'\' 2 



Inner Loop Boundary: Continue 
... P'X' n 

Step 9 = Put_In_Echelon_Canonical_Form((S) 
Step 10 NonZeroRows = Number_of_Non_Zero_Rows((5) 
Outer Loop Lower Boundary: Continue 
Output matrix © and Stop 
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Alt2 Vintage_Shor( p , Q, n , K) 



Q- = [ ] & #NonZeroRows = & Iter = 



Select basis {a \ } of A & gen. a of ^ n 



1^ = Ran_Shor_Transv( {a^ } , Q , a, n ) 



X = QRand „ ( ) 
y/Q ^ 

I 



[(d-,p-), (d',p')] =[(o,D,(i,Ly y 9l)] 




NO YES 



P , \,P , X 2 ,-.P'X' n 



^ = Echelon_Canonical( ) 



#NonZeroRows = NumNonZeroRows( ) 



liter = Iter + 1 



Iter = K 
NO OR yes 

#NonZeroRows 



Output Q. _(sto^) 



Figure 7. The Second Alternate Vintage Zq Shor QHSA. This is a Wandering 

Shor algorithm. 
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Part 6. Epilogue 



23. Conclusion 

Each of the three vintage Zq Shor QHSAs created in this paper is a natural 
generalization of Shor's original quantum factoring algorithm to free abelian groups 
A of finite rank n . The first two of the three find a maximal cyclic subgroup Zp 
of the hidden quotient group H v . The last of the three does more. It finds the 
entire hidden quotient group H v . 

We also note that these QHSAs can be viewed from yet another perspective as 
wandering Shor algorithms on free abelian groups. By this we mean quantum 
algorithms which, with each iteration, first select a random cyclic direct summand Z 
of the ambient group A and then apply one iteration of the standard Shor algorithm 
on Z to produce a random character of the "approximating" group A = Zq. 

From this perspective, under the assumptions given in section 21, the algorith- 
mic complexity of the first of these wandering QHSAs is found to be 

0(n 2 (lgQ) 3 (lglgQ)" +1 ) . 
Obviously, much remains to be accomplished. 

It should be possible to extend the vintage Zq Shor algorithms to quantum 
algorithms with more general group probes of the form 

m 

for m > 1. This would be a full generalization of Shor's quantum factoring algo- 
rithm to the abelian category. 

It is hoped that this paper will provide a useful stepping stone to the construc- 
tion of QHSAs on non-abelian groups. 
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We give a brief summary of those aspects of the theory of continued fractions 
that are relevant to this paper. (For a more in-depth explanation of the theory of 
continued fractions, please refer, for example, to [21] and [31].) 

Every positive rational number £ can be written as an expression in the form 

C = ft oH — ± , 

a\ H ; 

a 2 H 

a 3H — 

...+ — 
a N 

where ao is a non-negative integer, and where oi,... , a^v are positive integers. 
Such an expression is called a (finite, simple) continued fraction, and is uniquely 
determined by £ provided we impose the condition a N > 1. For typographical 
simplicity, we denote the above continued fraction by 

[ao, oi, . . . , a^v] • 

The continued fraction expansion of £ can be computed with the following 
recurrence relation, which always terminates if £ is rational: 

ao = L£J f = U/£nJ 

, and if £„ ^ 0, then < 



The n-th convergent (0 < n < N) of the above continued fraction is defined 
as the rational number given by 

£n = [ao, ai, . . . , a n ] . 

Each convergent £„ can be written in the form, £n = — , where p n and q n are 
relatively prime integers ( gcd (p„, q n ) = 1). The integers p n and q n are determined 
by the recurrence relation 



Pa 


= ao, 


Pi 


= aia - 


h 1, 


= a„p„_i +p„_2, 


qo 


= 1, 


qi 


= ai, 


9n 


= a n q n -i + 9n-2 • 



The subroutine 

Next_Cont_Frac_Convergent 

found in the vintage Zq Shor algorithm given in section 20 is an embodiment of 
the above recursion. 

This recursion is used because of the following theorem which can be found in 
[21, Theorem 184, Secton 10.15]: 
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If 



Theorem 12. Let £ be a real number, and let d and P be integers with P > 0. 



d_ 

p 



< 



2P 2 ' 



then the rational number d/P is a convergent of the continued fraction expansion 
oft 



26. Appendix B. Probability Distributions on Integers 

Let 

Prob Q : {1, 2, . . . ,Q} — ► [0, 1] 

denote the uniform probability distribution on the finite set of integers {1,2,... , Q}. 
Thus, the probability that a random integer A from {1,2,... , Q} is divisible by a 
given prime p is 

p roMp|A) =i2Ma, 

where ' [—J ' denotes the the floor function. 

The limit Proboo , should it exist, of the probability distribution Probg as Q 
approaches infinity, i.e., 

Proboo = hm Proboo , 

Q >oo 

will turn out to be a useful tool. Since Proboo is not a probability distribution, we 
will call it a pseudo-probability distribution on the integers Z. It immediately 
follows that 

Proboo ( p\ A ) = -. 

P 

In this sense, we say that the pseudo-probability of a random integer A e Z being 
divisible by a given prime p is 1 /p. 

Theorem 13. Let n be an integer greater than 1. Let A'^A^,... , X' n , be 
n integers selected randomly and independently with replacement from the set 
{1,2,... , Q} according to the uniform probability distribution. Then the probability 
that 

gcd(Ai,^,... ,a;) = i 

is 

Prob Q (gcd (A' l5 X' 2 , . . . , A;j = *) = X> ( fc ) (^p) " > 

where ' [—\ ' and '/j, (— ) ' respectively denote the floor and Mobius functions. 
Moreover, 

Proboo (gcd (A' 1; A' 2 , . . . , A;) = l) = C (n)- 1 , 
where Q (n) denotes the Riemann zeta function ( (n) = J2kLi W- 
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Proof. Let PrimesQ denote the set of primes less than or equal to Q. 
For each prime p and integer < j < n, let A p j denote the set 



Since 



we have 



A pj = {t e{l,...,Q} n :p\Xj} . 



71 

f| ifivi = { ^ € {1, . . . , Q} n : Vp3j p | Ajj 

pG Primes Qj — 1 



Prob Q (gcd (Ai, A 2) . . . , A„) = 1) = Prob Q f] \J A PJ , . 

\ pePrimeSQ 3 = 1 

where A p j denotes the complement of A p j. 



We proceed to compute ProbQ f] (J A p j by first noting that: 

\pGPrimeSQ j=l J 



pr ° b Q n u )= 1 - pr ° h Q u n ^ 

\ pdPrimeSQ j=l J \pePrimeSQ j = l 

So by the inclusion/exclusion principle, we have 



pr ° b Q ( u n ^ 

ip^PrimesQ j—1 



y: (-if 1 prob Q ( n n ^ 



SQPrimesQ 

S^0 



x: (-i) isi p™6 Q ( n n ^ 



SQPrimesQ 

S^0 



Since the Aj's are independent random variables, we have 



Moreover, it follows from a straight forward counting argument that 



Prob Q ^~)A p )j = 


Q/]Jp 


IQ 




pes 





from which we obtain 

(n \ n 

n n ^3 )= u 
3=1 pes J 3=1 



Q/Up 


IQ= ^ 


Q/Up 


pes 




pes 



IQ 
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Thus, 



prob Q \ n u^]= e 



Q/Rp 

pes 



IQ 



This last expression expands to 

p<q V <5 / p< P '<q V Q / p<p'< P "<Q ^ *5 

p Prime PiP ' Prime P,p',p" Prime 



+ 



which can be rewritten as 



fc=i 



since fi(k) = for all integers that are not squarefree. 

The last part of this theorem follows immediately from the fact that 

(See [40], [42], or [21].) 



□ 



COROLLARY 7. Lef n &e an integer greater than 1, and let X[, X' 2 , ... , X' n be n 
integers randomly and independently selected with replacement from the set {1, 2, . . . , Q} 
according to the uniform probability distribution. Let M be a fixed element of the 
group SL± (n, Z) of invertible n x n integer matrices. Finally, let Ai, A2, . . . , A„ 
be n integers given by 

(\ \ \ \tr anspo.se _ tl / t/\I \f -.transpose 

(Ai, A 2 , . . • , A n ) — M (A 1; A 2 , . . • , A n ) 

Then the probability that 

gcd(Ai,A 2 ,... ,A„) = 1 

is 

Prob Q (gcd (Ai, A 2 , . . . , A n ) = = f> (k) (^yj^j " , 

where ' [— J ' and 'fx (— ) ' respectively denote the floor and Mobius functions. 
Moreover, 

Proboo ^gcd (Ai, A 2 , . . . , A n ) = 1^ = C H" 1 , 

where £ (n) denotes the Riemann zeta function £ (n) — X^feli pr- Hence, 

Prob Q (gcd(X u X 2 ,... ,A„) = 1^ =fi(c(n) _1 ) =0(1) 

PROOF. This corollary immediately follows from the fact that the gcd is in- 
variant under the action of SL± (n, Z). □ 
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Remark 11. We conjecture that a stronger result holds, namely that the func- 
tion ( (n)^ 1 is actually a lower bound for ProbQ ^gcd (Ai, A2, . . . , A„) = 1^ for 
Q>n. 



Wc need to make the following conjecture to estimate the algorithmic complex- 
ity of Vintage Zq algorithms, also called wandering Shor algorithms. 

Conjecture 1. Let n be an integer greater than 1, let Pi, P2, . ■ ■ ,P n ben fixed 
positive integers, and let X\ , A 2 , ■ ■ ■ , X' n be n integers randomly and independently 
selected with replacement from the set {1, 2, . . . , Q} according to the uniform prob- 
ability distribution. Let M be a fixed element of the group SL± (n, Z) of invertible 
n x n integral matrices, and let 

(Ai, A 2 , . . . , A n ) = M (X[, X' 2 , . . . , X' n ) 

Then the conditional pseudo-probability 

gcd(Ai,A 2 ,... ,A„) = 1 



Proboo (gcd(A J -,P j ) = 1 Vj 

is given by 



H " TTv (Pj) 



Pi 



n- 



n (i-!>-) Pi 

p Prime 

pllcmtPj P„) 

where ((—) and <p(—) denote respectively the Riemann zeta and the Euler totient 
functions. 



Plausibility Argument. (This is not a proof.) 

We treat Proboo as if it were a probability distribution on the integers Z" = 
{(Ai, A 2 , . . . , A„)}. We assume that M maps this distribution on itself, and that 
Proboo (p I Xj) and Proboo (q | Xj) are stochastically independent when p and q are 
distinct primes. 

For fixed j, the probability Proboo {p\ Xj) that a given prime divisor p of Pj 
docs not divide Xj is 

1-i. 

V 

Hence, the probability that Pj and A.,- are relatively prime is 



Prob^ ^gcd (Pj, Xj) = lj = H (l - 1 



V 

p\Pj v 

This can be recxprcsscd in terms of the Euler totient function as 



Proboo (gcd(P j ,A J -) = l) =^ 
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Since Ai, A 2 , . . . , A„ are independent random variables, we have 
Prob^ ( gcd (Pj,Xj) = lVj) = • 

V / j=1 3 

On the other hand, the probability that a given prime p does not divide all the 
integers Ai, A2, . . . , A„ is 



1-1. 



Thus, 



Proboo ^{gcd(Ai,A 2 ,... ,A„)Vps.t. p \ lem (Pi, P 2 , . . . ,P n )j 
is given by the expression 



C(n) ] 



n ( i -o= — ' (n> n - 

ptlcm(Pi,P 2 ,...,P„) 11 J 

p|lcm(Pi,P 2l ... ,P n ) 

where we have used the fact [21] that 



' Prime 



We next note that the events Vj gcd (Pj ,Xj) = 1 and Vp p { 1cm (Pi i P 2 , • ■ • , P n ) _ 
p f gcd (Pi i p2, . . . , P„) are stochastically independent since they respectively refer 
to the disjoint sets of primes {p : p | 1cm (Pi , P 2 , . . . , P„)} and {p : p \ 1cm (Pi , P 2 , . . . 
Hence, the probability of the joint event 

Profeoo (^gcd (P,-, A,) = 1 Vj AND gcd (Ai, A 2 , . . . , A„) = 1^ 



is given by the expression 



£=1 

n a-p- n ) 

p|lcm(P 1 ,P 2 ,...,P„) 



Using exactly the same argument as that used to find an expression £ 
Proboo ^|gcd(Ai,A 2 ,... ,A„)Vps.t. pf lcm(Pi,P 2 , . . . ,P„)^ , 

we have 

Proboo ^gcd (Ai, A 2 , . . . , A„) = 1^ = C W" 1 • 
Hence the conditional probability 

Proboo gcd (Pj, Xj) = 1 Vj gcd (Ai, A 2 , . . . , A„) = 1 
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is given by the expression 



n (i-p- n ) 

p|lcm(Pi,P 2) ... ,P„) 

Finally, since 

n (i-p-")<i, 

p I. II, /' .!';■.... ,P n ) 

it follows that the conditional probability 

Proboo ^gcd (Pj, Aj) = 1 Vj gcd (Ai, A 2 , . . . , A„) = 1 
is bounded below by the expression 



n 



pip,) 



3 = 1 Pj 



□ 



The following is an immediate corollary of the above conjecture. 

Corollary 8. Let n be an integer greater than 1, and let Pi, P 2 , • • ■ , Pi be n 
fixed positive integers. Let A' l5 A 2 , ■ ■ ■ , X' n ben integers randomly and independently 
selected with replacement from the set all integers Z according to the uniform prob- 
ability distribution. Let M be a fixed element of the group SL± (n, 1) of invertible 
n x n integer matrices. Finally, let Ai, A2, . . . , A„ be n integers given by 

/ \ \ \ \transpose t\t(\I \l -.transpose 

(Ai, A 2 , . . . , A n ) = M (A l5 A 2 , . . . , AJ 

Then, assuming conjecture 1, we have 



Probov gcd(A j ,P j ) = l Vj 



? cd(A 



where Q (— ) denotes the asymptotic lower bound 'big- omega. ' 
Thus, if Q is greater than each Pj , we have 



Prob Q ^gcd(A j ,P j ) = l Vj 
PROOF. Since 18 



gcd(Ai, A 2 , . . . , A„) = 1 ) = O 
ip (n) In In n 



igigQ 



n 

where 7 denotes Euler's constant, we have that 



Pj VigigPj 



3 See [21, Theorem 328, Section 18.4]. 
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Thus, an asymptotic lower bound for the above conditional probability is given by 
the expression 

□ 
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